#data security

Top hacks and data breaches in 2020

Alex Shepliakov 28/01/2021 11 min read

Contents:

  • Working from home
  • Poorly-built architecture
  • Credential Stuffing
  • Phishing
  • Human Error
  • Sophisticated and well-planned cyber attack
  • Conclusion

Cybersecurity is not something we think about daily, yet individuals and organizations are constantly exposed to cyberattacks' risks and threats. A tremendous amount of development effort goes into building a secure platform. It is a constant race of improving cybersecurity tech stack hoping cybercriminals are not on the same page yet. However, millions of businesses and individuals suffer from hacks monthly. Some of the cyberattacks are elaborate and complicated, yet some are quite simple and could have been avoided easily if a stronger security system was implemented. Saving costs on cybersecurity and basic human error have caused dramatic data breaches throughout history.

Let's have a look at different types of breaches and hacks, exemplified by the loudest cases of 2020.

Working from home

A tremendous amount of businesses has transitioned to online-based function and remote work due to pandemic in 2020. There also was a major change in governmental and medical organizational structure as they have provided platforms to reduce face-to-face meetings. And with an increased demand for storing data online, there is an inevitable increase in the risk of losing this data.

It is estimated that 20% of cybersecurity issues in 2020 in business organizations are related to working from home (WFH). It is not a new concept, but due to pandemic in 2020, many companies have made remote work a daily routine. This transition was due to a necessity and had to be done ASAP, which means it lacked planning and timing. Corporate Virtual Private Networks (VPNs) are often oblivious or not secured properly. For example, it is common to have a corporate network connection running on a cable connection for security reasons – and having to provide wireless access majorly compromises data flow. Cloud service is also skyrocketing, which increases data exposure. Finally, email compromising is an old and, unfortunately, effective trick. Thousands of phishing emails were spread through 2020, for example, UK’s National Health Service has reported approximately 40,000 spam and phishing attempts in the scope of the first 4 months of the pandemic.

According to 45% of respondents participating in the Malwarebytes survey, their organizations did not implement additional security checks or audits regarding remote work switch. 44% of respondents say that their organizations also did not provide any extra training or security instructions for WHF. Another major factor is having employees work on their own devices - which commonly lack even the most basic antivirus, not so say have additional cybersecurity layers.

A lot of collaboration tools have proven themselves to be unsafe – for example, there were several scandals relating to Zoom. Zoom is a popular web conferencing tool which went on a massive rise since March 2020. Eventually, there have been more than a dozen security and privacy issues discovered. Some of them have been fixed, whilst some remain troublesome. There have been many stories related to Zoom’s poor security – some being damaging, yet some being quite funny. A remarkable one was when a Dutch journalist Daniel Verlaan gatecrashed a confidential video conference between European defense ministers after Dutch Defence Minister tweeted a photo that contained login details to this meeting on his screen as Zoom did not cover them with asterisks.

Zoom is still generally safe to use unless personal and confidential data gets revealed. But these situations have unraveled gaps on the market, offering guaranteed confidentiality and safety. Sharing photos of personal screens on media is also something that should be seriously assessed to avoid incidents.

Poorly-built architecture

Parler is an infamous social network with a dramatic closure on January, 10th 2021 after Amazon, Apple and Google all dropped hosting it. However, right before that 70TB of their users’ messages, videos and posts have been archived and stolen, which raised a lot more concerns about safety techniques used by websites. Originally developed as a “free-speech alternative” to famous mainstream platforms, it has been spreading many harmful and violent messages and hate speech. Regardless of its political implications, Parler has demonstrated no safety for its users as all of the user profile data, user information, administration rights and even geolocation got exposed.

Parler was based on WordPress – one of the biggest and oldest content management systems. It was built in a rush to please its investors and had a majorly weak API architecture (the link between the front end and its user data). There simply was no need to authenticate to access API and extract back end data, which is an equivalent of welcoming everybody to have a look around.

According to further research, Parler turned out to have had extremely weak direct object reference - posts were listed in chronological order, and increasing URL by one would make the next post appear. There was no authentication required for viewing public posts as well as no restriction for someone viewing too many posts in a limited time scope. This enables hackers to write a simple script that would allow downloading every single message, photo, video, and other details in a straight sequence. Later on, some of this data was used to identify and arrest rioters who had broken into the Capitol on January 6th.

Data artist Kyle McDonald has recreated a visualization of locations of 68,000 videos that were archived.

Some say that Parler will return – and if it does, it would have to completely restructure its architecture and convince users that the platform should be trusted once again. We are yet to see how this story ends in the nearest future.

Credential Stuffing

The breach of a famous hotel network Marriott International has affected 5.2 million people. According to Marriott, the breach was due to credential theft of two employees, incurred in mid-January. These credentials gave access to the application used to provide service to guests and enabled hackers to access guest information through it. It is estimated that full contact details such as names, email addresses, addresses, phone numbers were stolen, personal details, Marriott loyalty details, linked airline loyalty programs, and customer preferences. Marriott claimed that no financial information, passport data and driving licenses were stolen.

It has taken an entire month for Marriott to notice that the data has leaked and something out of order is going on. It is not clear how exactly the credentials were stolen, but phishing emails and Credential Stuffing are most likely options. Credential Stuffing is when a person uses the same password to multiple websites and systems, so when a hacker obtains details for one of the sites, he gains access to all.

Multi-factor authentication could have been a good preventative measure for Marriott’s employees when accessing sensitive data. This way, just stealing a password would not grant access to the database and would instantly overcomplicate the hack. Also, Marriott has taken an unreasonably long time to notice the malicious activity – over a month! Better IAM – Identity Access Management – would have picked up one simultaneously used account and accessed millions of customer records way faster.

Phishing

Even the biggest platforms are not exempt from losing their data. Another social media has been a victim of hackers – a big one this time. Twitter had 130 high-profile accounts hacked where a bitcoin scam was promoted. The accounts hacked were major, verified, and famous figures with large audiences – Joe Biden, Barack Obama, Elon Musk, Bill Gates. The scam itself was offering people to double their Bitcoin investments if the money is sent to a certain address. All of the compromised accounts posted this simultaneously and published several scam messages every second. Within a few minutes of posting, transactions started taking place.

According to the investigation, the scam was first tried on short and unknown accounts, after which it moved onto the real targets.

It is interesting to note that scammers did not make money out of actual credential theft, regardless of how they took over the account. What made them succeed was phishing – gathering money or information through deceptive emails, adverts and notes. Phishing is prevalent in the working environment as numbers and numbers of phishing emails regularly get caught by employers' safeguards. Most of us have encountered an odd phishing email, promising free things after you pay for “postage and packaging”, or making a specific bet, or depositing money without knowing that it will be lost forever.

Twitter later confirmed that only 45 out of 130 targeted accounts were breached – yet criminals have stolen over $110,000 – slightly less than 13 bitcoins in a few hours before they were stopped. These types of bitcoin scams have incurred in Twitter before, yet this is the biggest scope it ever got to so far.

It has been revealed that a hack happened due to cybercriminals getting hold of “agent tool” – an administrative tool that enables changing account-level settings in some of the accounts, including amending confirmation emails. This allowed hackers to reset the passwords of those with compromised emails. Access was potentially gained through bribing Twitter employees, as some sources claim. The other option is a series of social engineering attacks targeting Twitter employees to steal their credentials – and several factors might have made it easier for hackers. For example, due to coronavirus some of the employees are allowed to work from home and use their own devices for work – risks of these practices have been discussed earlier.

It raises serious concerns about Twitter’s authentication methods and general safety. Considering the influence verified account holders have over their audience and its implications on the political scene, it is reasonable to expect social media giants to put extra effort into protecting their data.

Human Error

One of the horrors shown in sci-fi movies – biometric data theft, has also come true in 2020. Unironically, it was stolen from Antheus Technologia, a security firm handling employee fingerprint identifications worldwide. Over 2million bits of data were stolen, including 76,000 fingerprints.

It has turned out that Antheus has left 16 gigabytes consisting of over 80 million records of highly sensitive data and biometric IDs poorly secured on their servers. They have been storing fingerprints in the binary format, which can be relatively easily matched by hackers. Besides, compromised data included administrator login information, employee phone numbers and company emails. This can have severe consequences for people whose records have been stolen as fingerprints are widely used and are permanent, unlike passwords.

The breach was discovered by a completely separate company, SafetyDetectives.com who specialize in antivirus software.

It turns out that the cloud database was neither password-protected nor encrypted. With more and more businesses storing their data in the cloud rather than premises, it is crucial not to neglect cloud security and avoid data misconfiguration at all cost.

It is most likely to be a human error on the IT side of the business.

Sophisticated and well planned cyber attack

Even though the amount of travel got majorly reduced in 2020, travellers still were at cybersecurity risks. EasyJet came to the spotlight in May 2020 when it became a victim of a cyberattack. Personal data and financial information of 9 million customers have been exposed due to the incident.

This attack has been considered “highly sophisticated”, and it took time for the business to understand the scope of the attack to discover who has been impacted. It turned out that even CVV numbers from the back of the bank cards have been stolen, on top of full bank account details, emails, addresses, and travel destinations of individuals. This was a long-planned hack that used highly deceptive techniques. There is not much information on how exactly the attack has happened, and it was targeting the company's intellectual property. We can only assume that to access the payment details of passengers. The hackers had to deceptively go through layers and layers of security mechanisms.

Conclusion

We can see that cybersecurity is affecting various aspects of our lives – work, travel, shopping. No industry is exempt from the risk of being hacked, and it is essential to understand the implications from both personal and professional point of view. With most of the companies selling goods and services over the internet, it is crucial to understand how important is data and customer protection.

The best thing you can do to protect your brand, reputation, and customers is to invest in cybersecurity professionals and maintain strong safety policies. WiserBrand is happy to provide you with knowledgeable and educated professionals to cover your brand’s cybersecurity needs.